ACL for pages
This is an essay. It expresses the opinions and ideas of some Wikimedians but may not have wide support. This is not policy on Meta, but it may be a policy or guideline on other Wikimedia projects. Feel free to update this page as needed, or use the discussion page to propose major changes.
Many organizations need the ability to limit access to certain wiki pages (with an Access Control List) based on user ID / group membership. This implies:
- An extension to the user admin interface to allow the creation and management of user groups. Access to this interface would itself need to be constrained. The new admin pages would allow groups to be created or removed, and users to be added to or removed from groups.
- An ACL extension to the wiki language to constrain access to a given page to one or more groups. The simplest implementation would just enforce the rule that only members of the specified groups can access the page. If the ACL command is not present or the list of groups is empty, then everyone has access.
- An audit facility to find pages that are orphaned because all groups in the ACL have been deleted or have no members.
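A small model of the access rule and the orphan audit described above, added here as an illustration and not part of the essay or of MediaWiki. The `Wiki` class, its method names and the sample users, groups and pages are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Wiki:
    # group name -> set of member user IDs (a deleted group is simply absent)
    groups: dict = field(default_factory=dict)
    # page title -> list of group names from the page's ACL command
    page_acl: dict = field(default_factory=dict)

    def can_access(self, user, page):
        acl = self.page_acl.get(page, [])
        if not acl:
            # No ACL command, or an empty group list: everyone has access.
            return True
        # Only members of a listed group get in; deleted groups match nobody.
        return any(user in self.groups.get(g, set()) for g in acl)

    def orphaned_pages(self):
        # Audit: non-empty ACL where every group is deleted or has no members,
        # so the page is locked to all users.
        return sorted(p for p, acl in self.page_acl.items()
                      if acl and not any(self.groups.get(g) for g in acl))

def build_sample_wiki():
    # Constructed sample data.
    return Wiki(
        groups={"staff": {"alice"}, "board": set()},
        page_acl={
            "Salaries": ["staff"],
            "BoardMinutes": ["board"],          # group exists, no members
            "OldProject": ["project-x"],        # group was deleted
            "Mixed": ["project-x", "staff"],    # one live group remains
            "Sandbox": [],                      # empty list: open to all
        },
    )

if __name__ == "__main__":
    wiki = build_sample_wiki()
    for page in wiki.page_acl:
        print(page, {u: wiki.can_access(u, page) for u in ("alice", "bob")})
    print("orphaned:", wiki.orphaned_pages())
```

Because an empty list means everyone has access, this model keeps the names of deleted groups in the ACL: stripping them would turn a locked page into a public one instead of an orphan the audit can report.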
It is also worth noting that large organisations such as universities usually have existing user and group systems, often published via LDAP. It is important that the ACL can integrate with the existing AuthPlugin.php to act as a client-only interface for group permissions. In these cases a system may already exist to centrally administer group memberships, so the wiki will not require an interface to do this.